commit d113c02563a531622c782392357004dcb87dd69e · pyrox.dev/nixpkgs

+18 -4
nixos/modules/services/security/vault.nix
···

       1
       1
        
       { config, lib, pkgs, ... }:

     

       2
       2
        
       

     

       3
       3
        
       with lib;

     

       4
       4
       +
       

     

       4
       5
        
       let

     

       5
       6
        
         cfg = config.services.vault;

     

       6
       7
        
       

     
···

       24
       25
        
                 ${cfg.telemetryConfig}

     

       25
       26
        
               }

     

       26
       27
        
             ''}

     

       28
       28
       +
           ${cfg.extraConfig}

     

       27
       29
        
         '';

     

       28
       30
        
       in

     

       31
       31
       +
       

     

       29
       32
        
       {

     

       30
       33
        
         options = {

     

       31
       31
       -
       

     

       32
       34
        
           services.vault = {

     

       33
       33
       -
       

     

       34
       35
        
             enable = mkEnableOption "Vault daemon";

     

       35
       36
        
       

     

       37
       37
       +
             package = mkOption {

     

       38
       38
       +
               type = types.package;

     

       39
       39
       +
               default = pkgs.vault;

     

       40
       40
       +
               defaultText = "pkgs.vault";

     

       41
       41
       +
               description = "This option specifies the vault package to use.";

     

       42
       42
       +
             };

     

       43
       43
       +
       

     

       36
       44
        
             address = mkOption {

     

       37
       45
        
               type = types.str;

     

       38
       46
        
               default = "127.0.0.1:8200";

     
···

       58
       66
        
               default = ''

     

       59
       67
        
                 tls_min_version = "tls12"

     

       60
       68
        
               '';

     

       61
       61
       -
               description = "extra configuration";

     

       69
       69
       +
               description = "Extra text appended to the listener section.";

     

       62
       70
        
             };

     

       63
       71
        
       

     

       64
       72
        
             storageBackend = mkOption {

     
···

       84
       92
        
               default = "";

     

       85
       93
        
               description = "Telemetry configuration";

     

       86
       94
        
             };

     

       95
       95
       +
       

     

       96
       96
       +
             extraConfig = mkOption {

     

       97
       97
       +
               type = types.lines;

     

       98
       98
       +
               default = "";

     

       99
       99
       +
               description = "Extra text appended to <filename>vault.hcl</filename>.";

     

       100
       100
       +
             };

     

       87
       101
        
           };

     

       88
       102
        
         };

     

       89
       103
        
       

     
···

       122
       136
        
               User = "vault";

     

       123
       137
        
               Group = "vault";

     

       124
       138
        
               PermissionsStartOnly = true;

     

       125
       125
       -
               ExecStart = "${pkgs.vault}/bin/vault server -config ${configFile}";

     

       139
       139
       +
               ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";

     

       126
       140
        
               PrivateDevices = true;

     

       127
       141
        
               PrivateTmp = true;

     

       128
       142
        
               ProtectSystem = "full";